
pidfile			/var/run/slapd/slapd.pid
argsfile		/var/run/slapd/slapd.args
loglevel		@%@ldap/debug/level@%@
allow			bind_v2 update_anon

TLSCertificateFile	/etc/univention/ssl/@%@hostname@%@.@%@domainname@%@/cert.pem
TLSCertificateKeyFile	/etc/univention/ssl/@%@hostname@%@.@%@domainname@%@/private.key
TLSCACertificateFile	/etc/univention/ssl/ucsCA/CAcert.pem
@!@
ciphers = configRegistry.get("ldap/tls/ciphersuite", "HIGH:MEDIUM:!aNULL:!MD5:!RC4")
if ciphers:
	print('TLSCipherSuite	%s' % (ciphers,))
protocol = configRegistry.get("ldap/tls/minprotocol", "3.1")
if protocol:
	print('TLSProtocolMin	%s' % (protocol,))
from os.path import exists
filename = configRegistry.get("ldap/tls/dh/paramfile", "/etc/ldap/dh_2048.pem")
if filename and exists(filename):
	print('TLSDHParamFile	%s' % (filename,))

print('')
print('sizelimit %s' % configRegistry.get("ldap/sizelimit"))
print('idletimeout %s' % configRegistry.get("ldap/idletimeout"))
if 'ldap/attributeoptions' in configRegistry:
    print('attributeoptions %s' % ' '.join(['"' + x.strip() + '"' for x in configRegistry.get('ldap/attributeoptions').split(',')]))
@!@
